Florence House Medical Practice has a legal duty to explain how we use any personal information we collect about you, as a registered patient, at the practice.
What Information Do We Collect About You?
We will collect the following types of information from you or about you from a third party (provider organisation) engaged in the delivery of your care:
- Personal data: any information relating to an identifiable person who can be directly or indirectly identified from the data. This includes, but is not limited to name, date of birth, full postcode, address, next of kin and NHS number
- Special category/sensitive data: this could be medical history including details of appointments and contact with you, medication, emergency appointments and admissions, clinical notes, treatments, results of investigations, supportive care arrangements, social care status, race, ethnic origin, genetics and sexual orientation
Your healthcare records contain information about your health and any treatment or care you have received previously. This information will be collected either electronically using secure NHS Mail or a secure electronic transfer over an NHS encrypted network connection. Physical information will also be sent to the practice. This information will be retained within our electronic patient record or within a patient paper records.
We use a combination of technologies and working practices to ensure that we keep your information secure and confidential.
How We Will Use Your Information
Your data is collected for the purpose of providing direct patient care. Information held about you may be used to help protect the health of the public and to help us manage the NHS. Information is also used with the practice for clinical audit to monitor the quality of the service provided. Some of this information will be held centrally and used for statistical purposes. Where we do this, we take strict measures to ensure that individual patients cannot be identified.
We can disclose this information if it is required by law, if you give consent or if it is justified in the public interest. The practice may be requested to support research; however, we will always gain your consent before sharing your information with medical research databases
Processing your information in this way and obtaining your consent ensures that we comply with GDPR articles:
- 6(1)(c) ‘processing is necessary for compliance with a legal obligation to which the controller is subject…’
- 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’, and
- 9(2)(h) “…necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”
Who Will We Share Your Information With
In order to deliver and coordinate your health and social care, we may share or receive information from the following organisations:
- Other GP practices
- NHS trusts/foundation trusts
- NHS commissioning support units
- Independent contractors such as dentists, opticians, pharmacists
- Public Health England
- Private sector providers
- Voluntary sector providers
- Community care services
- Ambulance trusts
- Clinical commissioning group
- Social care services
- NHS Digital
- Local authorities
- Educations services
- Fire and rescue services
- Police and judicial services
- Other “data processors” which you will be informed of
- Third party processors:
When we use a third party service provider to process data on our behalf then we will always have an appropriate agreement in place to ensure that they keep the data secure, that they do not use or share information other than in accordance with our instructions and that they are operating appropriately. Examples of functions that may be carried out by third parties includes:
- Companies that provide IT services and support, including our core clinical systems; systems which manage patient facing services (such as our website and service accessible through the same); data hosting service providers; systems which facilitate appointment bookings or electronic prescription services; document management services etc.
- Delivery services (for example if we were to arrange for delivery of any medicines to you).
- Payment providers (if for example you were paying for a prescription or a service such as travel vaccinations).
Further details regarding specific third party processors can be supplied on request.
You will be informed who your data will be shared with and in some cases, asked for explicit consent for this to happen when this is required.
Your data will not be transferred outside the European Union.
This practice is supporting vital coronavirus (COVID-19) planning and research by sharing your data with NHS Digital. For more information about this, please see:
How The NHS and Care Services use Your Information
Florence House Medical Practice is one of many organisations working in the health and care system to improve care for patients and the public.
Whenever you use a health or care service, such as attending Accident & Emergency or using Community Care services, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.
The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
- Improving the quality and standards of care provided.
- Research into the development of new treatments.
- Preventing illness and diseases.
- Monitoring safety.
- Planning services.
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.
Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. On this web page you will:
- See what is meant by confidential patient information.
- Find examples of when confidential patient information is used for individual care and examples of when it is used for purposes beyond individual care.
- Find out more about the benefits of sharing data.
- Understand more about who uses the data.
- Find out how your data is protected.
- Be able to access the system to view, set or change your opt-out setting.
- Find the contact telephone number if you want to know any more or to set/change your opt-out by phone.
- See the situations where the opt-out will not apply.
You can also find out more about how patient information is used at:
- www.hra.nhs.uk/information-about-patients (which covers health and care research); and
- understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)
You can change your mind about your choice at any time.
Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.
Health and care organisations have until 2020 to put systems and processes in place so they can be compliant with the national data opt-out and apply your choice to any confidential patient information they use or share for purposes beyond your individual care. Our organisation is currently compliant with the national data opt-out policy.
We are committed to maintaining confidentiality and protecting the information we hold about you. We adhere to the General Data Protection Regulation (GDPR), the NHS Codes of Confidentiality and Security, as well as guidance issued by the Information Commissioner’s Office (ICO).
Every member of staff who works for the practice or another NHS organization has a legal obligation to keep information about you confidential.
We will hold your information in accordance with the Records Management Code of Practice for Health and Social Care 2016.
Risk stratification is a mechanism used to identify and subsequently manage those patients deemed as being at high risk of requiring urgent or emergency care. Usually this includes patients with long-term conditions, e.g. cancer. Your information is collected by a number of sources, including Florence House Medical Practice; this information is processed electronically and given a risk score which is relayed to your GP who can then decide on any necessary actions to ensure that you receive the most appropriate care.
Your information may be shared if you have received treatment to determine which Clinical Commissioning Group (CCG) is responsible for paying for your treatment. This information may include your name, address and treatment date. All of this information is held securely and confidentially; it will not be used for any other purpose or shared with any third parties.
The law sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. However consent is only one potential lawful basis for processing information. Therefore the practice may not need to seek your explicit consent for every instance of processing and sharing your information, on the condition that the processing is carried out in accordance with this notice.
Florence House Medical Practice will contact you if we are required to share your information for any other purpose which is not mentioned within this notice.
You have the right to object to information being shared between those who are providing you with direct care. This may affect the care you receive – please speak to the practice first
You have the right to object to information being shared for any purpose other than your medical care, such as for research or planning purposes. In this instance, please visit www.nhs/uk/your-nhs-data-matters. You will be able to opt out securely online. Alternatively call 0300 303 5678.
You have the right to write to withdraw your consent at any time for any particular instance of processing, provided consent is the legal basis for the processing. Please contact the practice manager for further information and to raise your objection.
Access To Your Records
You have a right to access the information we hold about you. This is called a Subject Access Request (SAR). Please ask at reception for a SAR form or alternatively speak to a member of our staff for further information. You can also make the request via email or verbally. You should be aware that some details within your health records may be exempt from disclosure. This will be in the interests of your wellbeing or to protect the identity of a third party. The practice will process your request within one calendar month.
Furthermore, should you identify any inaccuracies you have a right to have the inaccurate data corrected. Please speak with the practice manager should this be the case.
Please complete the attached SAR form (PDF) if you would like to make a subject access request.
Data Controller and Data Protection Officer
As your registered GP practice, we are the data controller for any personal data that we hold about you.
In the unlikely event that you are unhappy with any element of our data-processing methods, you should raise your concerns in the first instance in writing with the Practice Manager.
If you remain dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at:
Telephone: 01625 545 700
Page updated: 14/09/2020